Deploying GreenRADIUS on Amazon Linux 2

Prerequisites

  • A target machine (x86_64) running Amazon Linux 2
  • A GreenRADIUS update package (v5.1.3.3 or later)
  • The docker-compose.override-tz.yml, docker-compose.override.yml, and timezone_handle_for_docker_on_Amazon-Linux-2.sh files from this deployment package

Deployment Instructions

  1. Log in with a user that has sudo access.
  2. Configure a static IP, netmask, gateway and DNS servers for the server.
  3. Run sudo yum update
  4. Run sudo yum install -y yum-utils device-mapper-persistent-data lvm2
  5. Run sudo yum -y install curl wget unzip awscli aws-cfn-bootstrap nfs-utils chrony conntrack jq ec2-instance-connect socat
  6. Run if sudo yum list installed | grep ec2-net-utils; then sudo yum remove ec2-net-utils -y -q; fi
  7. Run sudo amazon-linux-extras enable docker
  8. Run sudo yum -y install docker
  9. Run sudo systemctl enable docker
  10. Run sudo curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
  11. Run sudo chmod +x /usr/local/bin/docker-compose
  12. Run sudo yum install unzip
  13. Run sudo amazon-linux-extras install epel -y
  14. Run sudo yum install incron
  15. Run sudo yum install net-tools
  16. Run sudo useradd -d /home/gradmin -m -G wheel -s /bin/bash gradmin
  17. Run sudo passwd gradmin
  18. Run chmod -R 750 /home/gradmin
  19. Run chown -R gradmin:gradmin /home/gradmin
  20. Reboot and log in as the gradmin user.
  21. Copy the latest GreenRADIUS update package to the /tmp/ directory.
  22. Copy the provided docker-compose.override-tz.yml file to /tmp directory.
  23. Copy the provided docker-compose.override.yml file to /tmp directory.
  24. Copy the provided timezone_handle_for_docker_on_Amazon-Linux-2.sh script to /home/gradmin directory.
  25. Run sudo chmod 750 /home/gradmin/timezone_handle_for_docker_on_Amazon-Linux-2.sh
  26. Run sudo chown gradmin:gradmin /home/gradmin/timezone_handle_for_docker_on_Amazon-Linux-2.sh
  27. Run sudo service docker start
  28. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (in this instruction and those following, replace xxxx with the version number of the upgrade package).
  29. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  30. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  31. Run sudo mkdir -p /opt/grs/scripts
  32. Run sudo cp /tmp/others/vm_incron_scripts/* /opt/grs/scripts/
  33. Run cd /opt/grs/scripts && sudo chown root:root *.sh && sudo chmod 511 freeradius_restart.sh get_host_info.sh incron_script.sh openldap_cmd_template_3.sh openldap_restart.sh openldap_update_ca_certificates.sh rsyslog_restart.sh && cd -
  34. Run sudo bash -c "echo 'gradmin ALL=(root) NOPASSWD:/opt/grs/scripts/get_host_info.sh , /opt/grs/scripts/incron_script.sh , /opt/grs/scripts/rsyslog_restart.sh , /opt/grs/scripts/freeradius_restart.sh , /opt/grs/scripts/openldap_restart.sh , /opt/grs/scripts/openldap_update_ca_certificates.sh , /opt/grs/scripts/openldap_cmd_template_3.sh' > /etc/sudoers.d/grs"
  35. Run sudo mkdir -p /opt/grs/host-comm/request
  36. Run sudo mkdir -p /opt/grs/host-comm/response
  37. Run sudo chown -R gradmin:gradmin /opt/grs/host-comm
  38. Run sudo bash -c "echo 'gradmin' > /etc/incron.allow"
  39. Run sudo bash -c "echo '/opt/grs/host-comm/request IN_CLOSE_WRITE sudo /opt/grs/scripts/incron_script.sh \$#' > /var/spool/incron/gradmin"
  40. Run sudo systemctl enable incrond
  41. Run sudo service incrond restart
  42. Run sudo docker load -i /tmp/images/greenradius_xxxx_init_image
  43. Run sudo docker load -i /tmp/images/greenradius_xxxx_main_image
  44. Run sudo docker load -i /tmp/images/greenradius_xxxx_openldap_image
  45. Run sudo docker load -i /tmp/images/greenradius_xxxx_postgres_image
  46. Run sudo docker load -i /tmp/images/greenradius_xxxx_rsyslog_image
  47. Run sudo docker load -i /tmp/images/greenradius_xxxx_freeradius_image
  48. Run sudo docker load -i /tmp/images/greenradius_xxxx_grs_auth_app_image
  49. Run sudo mkdir -p /home/gradmin/grs-docker-compose
  50. Run sudo cp /tmp/others/docker-compose.yml /home/gradmin/grs-docker-compose/
  51. Run sudo chmod 750 /home/gradmin/grs-docker-compose/docker-compose.yml
  52. Run sudo chown gradmin:gradmin /home/gradmin/grs-docker-compose/docker-compose.yml
  53. Run sudo cp /tmp/docker-compose.override-tz.yml /home/gradmin/grs-docker-compose/
  54. Run sudo chmod 750 /home/gradmin/grs-docker-compose/docker-compose.override-tz.yml
  55. Run sudo chown gradmin:gradmin /home/gradmin/grs-docker-compose/docker-compose.override-tz.yml
  56. Run sudo cp /tmp/docker-compose.override.yml /home/gradmin/grs-docker-compose/
  57. Run sudo chmod 750 /home/gradmin/grs-docker-compose/docker-compose.override.yml
  58. Run sudo chown gradmin:gradmin /home/gradmin/grs-docker-compose/docker-compose.override.yml
  59. Set the proper timezone using the command sudo timedatectl set-timezone <time zone>. You can view a list of valid timezones with sudo timedatectl list-timezones | less.
  60. Run file /etc/timezone. If and only if it is a directory:
    1. Run sudo rm -rf /etc/timezone.
    2. Run sudo touch /etc/timezone.
    3. Edit /etc/timezone and enter the value set in step 59.
  61. Run sudo sh /home/gradmin/timezone_handle_for_docker_on_Amazon-Linux-2.sh
  62. Run sudo su -
  63. Run cd /home/gradmin/grs-docker-compose
  64. Run docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d
  65. Run sudo touch /etc/systemd/system/grs-docker-compose-app.service
  66. Edit /etc/systemd/system/grs-docker-compose-app.service and enter the following:
    # /etc/systemd/system/grs-docker-compose-app.service
    
    [Unit]
    Description=Docker Compose Application Service
    Requires=docker.service
    After=docker.service
    
    [Service]
    Type=oneshot
    RemainAfterExit=yes
    WorkingDirectory=/home/gradmin/grs-docker-compose
    ExecStart=/usr/local/bin/docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d
    ExecStop=/usr/local/bin/docker-compose down
    TimeoutStartSec=0
    
    [Install]
    WantedBy=multi-user.target
    
  67. Save the file.
  68. Run sudo systemctl enable grs-docker-compose-app
  69. Run sudo systemctl start grs-docker-compose-app.service
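Once the steps above are done, it is worth confirming that the host-comm privilege boundary (steps 31 to 41: root-owned scripts, the sudoers.d/grs rule and incron.allow) came out as intended and has not been widened. The script below is an added example for this guide, not a script from the GreenRADIUS package; it assumes GNU or BusyBox stat and takes a path prefix so it can be tried against a fixture directory before the live host.

```shell
#!/bin/sh
# grs_check.sh: post-deployment check of the host-comm privilege boundary
# from steps 31-41. Added example, not part of the GreenRADIUS package.
# Everything gradmin can run as root (sudoers.d/grs rule, incron table)
# lives in /opt/grs/scripts, so those files must stay owned by root and
# unwritable by group/other, and the sudo/incron allow-lists must not grow.
#
# grs_check PREFIX SCRIPT_OWNER ADMIN_USER
#   PREFIX is prepended to every path ("" for the live host, or a fixture
#   directory for testing); SCRIPT_OWNER is normally root, ADMIN_USER gradmin.
# Prints one line per finding; returns the number of failed checks (0 = ok).

GRS_SCRIPTS="freeradius_restart.sh get_host_info.sh incron_script.sh \
openldap_cmd_template_3.sh openldap_restart.sh \
openldap_update_ca_certificates.sh rsyslog_restart.sh"

grs_check() {
    prefix=${1:-}; owner=${2:-root}; admin=${3:-gradmin}; fails=0
    for s in $GRS_SCRIPTS; do
        f="$prefix/opt/grs/scripts/$s"
        if [ ! -f "$f" ]; then echo "MISSING  $f"; fails=$((fails + 1)); continue; fi
        st=$(stat -c '%U %a' "$f"); o=${st% *}; m=${st#* }   # owner name, octal mode
        [ "$o" = "$owner" ] || { echo "OWNER    $f owned by $o, want $owner"; fails=$((fails + 1)); }
        # step 33 sets 511 (rwx--x--x); a write bit for group or other would
        # let a non-root user change what later runs as root
        case $m in *[2367]?|*[2367]) echo "WRITABLE $f mode $m"; fails=$((fails + 1));; esac
    done
    sud="$prefix/etc/sudoers.d/grs"
    if [ ! -f "$sud" ]; then echo "MISSING  $sud"; fails=$((fails + 1)); else
        # every NOPASSWD command must be one of the listed scripts (step 34);
        # "ALL" or a path outside /opt/grs/scripts widens the boundary
        cmds=$(sed -n "s/^$admin ALL=(root) NOPASSWD://p" "$sud" | tr ',' ' ')
        [ -n "$cmds" ] || { echo "SUDOERS  no NOPASSWD rule for $admin in $sud"; fails=$((fails + 1)); }
        for c in $cmds; do
            case "$c" in /opt/grs/scripts/*) b=${c#/opt/grs/scripts/};; *) b=-;; esac
            case " $GRS_SCRIPTS " in *" $b "*) ;; *) echo "SUDOERS  unexpected command $c"; fails=$((fails + 1));; esac
        done
    fi
    allow="$prefix/etc/incron.allow"
    if [ ! -f "$allow" ]; then echo "MISSING  $allow"; fails=$((fails + 1)); else
        # only the operator account may install incron tables (step 38)
        extra=$(grep -v "^$admin\$" "$allow" | grep -v '^[[:space:]]*$' || true)
        [ -z "$extra" ] || { echo "INCRON   extra users in $allow: $extra"; fails=$((fails + 1)); }
    fi
    return $fails
}

# On the live host: sh grs_check.sh "" root gradmin
[ $# -gt 0 ] && grs_check "$@"
```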

To apply subsequent updates

  1. Copy the update package to the /tmp directory.
  2. Log in as gradmin.
  3. Run sudo yum update
  4. Run sudo unzip /tmp/GreenRADIUS_xxxx_Update.zip -d /tmp/ (in this command and those below, replace xxxx with the current version number).
  5. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/images.tgz -C /tmp/
  6. Run sudo tar -xvzf /tmp/GreenRADIUS_xxxx_Update/others.tgz -C /tmp/
  7. Run sudo docker load -i /tmp/images/greenradius_xxxx_init_image
  8. Run sudo docker load -i /tmp/images/greenradius_xxxx_main_image
  9. Run sudo docker load -i /tmp/images/greenradius_xxxx_openldap_image
  10. Run sudo docker load -i /tmp/images/greenradius_xxxx_postgres_image
  11. Run sudo docker load -i /tmp/images/greenradius_xxxx_rsyslog_image
  12. Run sudo docker load -i /tmp/images/greenradius_xxxx_freeradius_image
  13. Run sudo docker load -i /tmp/images/greenradius_xxxx_grs_auth_app_image
  14. Run cd /home/gradmin/grs-docker-compose
  15. Run sudo docker-compose down
  16. Run sudo cp /tmp/others/docker-compose.yml /home/gradmin/grs-docker-compose/
  17. Run cd /home/gradmin/grs-docker-compose
  18. Run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d

To manually start/stop containers

First, change the directory with cd /home/gradmin/grs-docker-compose/.

To start the containers, run sudo docker-compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.override-tz.yml up -d.

To stop the containers, run sudo docker-compose down.

Updated 2023-10-31
© 2024 Green Rocket Security Inc. All rights reserved.